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Abstract 

Ordered  Binary  Decision  Diagrams  (OBDDs)  represent  Boolean  functions  as  directed  acyclic 
graphs.  They  form  a  canonical  representation,  making  testing  of  functional  properties  such  as 
satisfiability  and  equivalence  straightforward.  In  most  application,  their  size  remains  manageable. 
A  number  of  operations  on  Boolean  functions  can  be  implemented  as  graph  algorithms  on  OBDD 
data  structures.  Using  OBDDs,  a  wide  variety  of  problems  can  be  solved  through  symbolic 
analysis.  First,  the  possible  variations  in  system  parameters  and  operating  conditions  are  encoded 
with  Boolean  variables.  Then  the  system  is  evaluated  for  all  variations  by  a  sequence  of  OBDD 
operations.  Researchers  have  thus  solved  a  number  of  problems  in  digital  system  design,  finite 
state  system  analysis,  artificial  intelligence,  and  mathematical  logic.  This  paper  describes  the 
OBDD  data  structure,  and  surveys  a  number  of  applications  that  have  been  solved  by  OBDD-based 
symbolic  analysis. 
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Many  tasks  in  digital  system  design,  combinatorial  optimization,  mathematical  logic,  and  ar¬ 
tificial  intelligence  can  be  formulated  in  terms  of  operations  over  small,  finite  domains.  By 
introducing  a  binary  encoding  of  die  elements  in  these  domains,  these  problems  can  be  fur¬ 
ther  reduced  to  operations  over  Boolean  values.  Using  a  symbolic  representation  of  Boolean 
functions,  we  can  express  a  problem  in  a  very  general  form.  Solving  this  generalized  problem 
via  symbolic  Boolean  function  manipulation  then  provides  die  solutions  for  a  large  number  of 
specific  problem  instances.  Thus,  an  efficient  method  for  representing  and  manipulating  Boolean 
functions  symbolically  can  lead  to  the  solution  of  a  large  class  of  complex  problems. 


Ordered  Binary  Decision  Diagrams  (OBDDs)  [Bryant  1986]  provide  one  such  representation. 
This  representation  is  defined  by  imposing  restrictions  on  die  die  Binary  Decision  Diagram 
(BDD)  representation  introduced  by  Lee*  [Lee  1959]  and  Akers  [Akers  1978],  such  that  die 
resulting  form  is  canonical.  These  restrictions  and  the  resulting  canonicity  were  first  recognized 


‘Lee  represented  Boolean  functions  as  Binary  Decision  Program,  a  form  of  straight-line  program.  Such  a 
program  can  he  viewed  at  a  linear  ordering  of  the  venires  in  a  directed  acyclic  graph,  and  hence  the  distinction 
liifwiigp  iwo  forms  »  minor. 
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by  Fortune,  Hopcroft,  and  Schmidt  (Fortune  et  al  1978].  Functions  are  represented  as  directed 
acyclic  graphs,  with  internal  vertices  corresponding  to  the  variables  over  which  the  function 
is  defined  and  terminal  vertices  labeled  by  the  function  values  0  and  1.  Although  the  OBDD 
representation  of  a  function  may  have  size  exponential  in  the  number  of  variables,  many  useful 
functions  have  more  compact  representations. 

Operations  on  Boolean  functions  can  be  implemented  as  graph  algorithms  operating  on  OBDDs. 
Tasks  in  many  problem  domains  can  be  expressed  entirely  in  terms  of  operations  on  OBDDs, 
such  that  a  full  enumeration  of  the  problem  space  (e.g.,  a  truth  table,  state  transition  graph,  or 
search  tree)  need  never  be  constructed.  Researchers  have  solved  problems  using  OBDDs  that 
would  not  be  possible  by  more  traditional  techniques  such  as  case  analysis  or  combinatorial 
search. 

To  date,  most  applications  of  OBDDs  have  been  in  the  areas  of  digital  system  design,  verification, 
and  testing.  Mott  recently,  interest  has  spread  into  other  areas  such  as  concurrent  system  design, 
mathematical  logic,  and  artificial  intelligence. 

This  paper  provides  a  combined  tutorial  and  survey  on  symbolic  Boolean  manipulation  with 
OBDDs.  The  next  three  sections  describe  the  OBDD  representation  and  the  algorithms  used 
to  construct  and  manipulate  them.  The  following  section  describes  several  basic  techniques  for 
representing  and  operating  on  a  number  of  mathematical  structures,  including  functions,  sets,  and 
relations,  by  symbolic  Boolean  manipulation.  We  illustrate  these  techniques  by  describing  some 
of  the  applications  for  which  OBDDs  have  been  used  to  date  and  conclude  by  describing  further 
areas  for  research.  Although  most  of  the  application  examples  involve  problems  in  digital  system 
design,  we  believe  that  similar  methods  can  be  applied  to  a  variety  of  application  domains.  For 
background,  we  assume  only  that  the  reader  has  a  basic  knowledge  of  Boolean  functions,  digital 
-logic  design,  and  finite  automata. 


1.  OB^D  REPRESENTATION 

Binary  decision  diagrams  have  been  recognized  as  abstract  representations  of  Boolean  functions 
for  many  years.  Under  the  name  “branching  programs”  they  have  been  studied  extensively  by 
complexity  theorists  [Wegener  1988;  Meinel  1990].  The  key  idea  of  OBDDs  is  that  by  restricting 
the  representation.  Boolean  manipulation  becomes  much  simpler  computationally.  Consequently, 
they  provide  a  suitable  data  structure  for  a  symbolic  Boolean  manipulator. 


1.1.  Binary  Decision  Diagrams 

A  binary  decision  diagram  represents  a  Boolean  function  as  a  rooted,  directed  acyclic  graph.  As 
an  example.  Figure  1  illustrates  a  representation  of  die  function  f(xi,  x2,  z3)  defined  by  die  truth 
table  given  on  the  left,  for  die  special  case  where  the  graph  is  actually  a  tree.  Each  nonterminal 
vertex  v  is  labeled  by  a  variable  var(v)  and  has  arcs  directed  toward  two  children:  lo(v)  (shown 
as  a  dashed  line)  corresponding  to  the  case  where  the  variable  is  assigned  0,  and  hi(v)  (shown 
as  a  solid  tine)  corresponding  to  the  case  where  die  variable  is  assigned  1.  Each  terminal  vertex 
is  labeled  0  or  1.  For  a  given  assignment  to  the  variables,  the  value  yielded  by  die  function  is 
determined  by  tracing  a  path  from  the  root  to  a  terminal  vertex,  following  the  branches  indicated 
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Figure  1:  Truth  Table  and  Decision  TVee  Representations  of  a  Boolean  Function.  A  dashed 
(solid)  tree  branch  denotes  the  case  where  the  decision  variable  is  0  (1). 

by  the  values  assigned  to  the  variables.  The  function  value  is  then  given  by  the  terminal  vertex 
label.  Due  to  the  way  the  branches  are  ordered  in  this  figure,  the  values  of  the  terminal  vertices, 
read  from  left  to  right,  match  those  in  the  truth  table,  read  from  top  to  bottom. 

1 2,  Ordering  and  Reducing 

For  an  Ordered  BDD  (OBDD),  we  impose  a  total  ordering  <  over  the  set  of  variables  and 
require  that  for  any  vertex  u,  and  either  nonterminal  child  v,  their  respective  variables  must  be 
ordered  var(u)  <  var(v).  In  die  decision  tree  of  Figure  1,  far  example,  the  variables  are  ordered 
ii  <  i2  <  x3.  In  principle,  the  variable  ordering  can  be  selected  arbitrarily — die  algorithms  will 
operate  correctly  for  any  ordering.  In  practice,  selecting  a  satisfactory  ordering  is  critical  for  the 
efficient  symbolic  manipulation.  This  issue  is  discussed  in  die  next  section. 

We  define  three  transformation  rules  over  these  graphs  that  do  not  alter  the  function  represented: 

Remove  Duplicate  Terminals:  Eliminate  all  but  one  terminal  vortex  with  a  given  label  and 
redirect  all  arcs  into  the  eliminated  vertices  to  die  remaining  one. 

Remove  Duplicate  Nonterminals:  If  nonterminal  vertices  u  and  v  have  var(u) = var(v),  lo(u)  = 
lo(v),  and  hi(u)—hi(v),  then  eliminate  one  of  the  two  vertices  and  redirect  all  incoming 
arcs  to  die  ocher  vertex. 

Remove  Redundant  Tests:  If  nonterminal  vertex  v  has  lo{y)  —  hi{v),  then  eliminate  v  and 
redirect  all  incoming  arcs  to  to(v). 

Starting  with  any  BDD  satisfying  the  ordering  property,  we  can  reduce  its  size  by  repeatedly 
applying  die  transformation  rules.  We  use  the  term  “OBDD”  to  refer  to  a  maximally  reduced 
graph  that  obeys  some  ordering.  For  example,  Figure  2  illustrates  die  reduction  of  the  decision 
tree  shown  in  Figure  1  to  an  OBDD.  Applying  die  first  transformation  rule  (A)  reduces  the 
eight  terminal  vertices  to  two.  Applying  the  second  transformation  rule  (B)  eliminates  two 
of  die  vertices  having  variable  x3  and  arcs  to  terminal  vertices  with  labels  0  ( lo )  and  1  (hi). 
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Figure  2:  Reduction  of  Decision  Tree  to  OBDD.  Applying  the  three  reduction  rules  to  the  tree 
of  Figure  1  yields  the  canonical  representation  of  the  function  as  an  OBDD. 

Applying  the  third  transformation  rule  (Q  eliminates  two  vertices:  one  with  variable  x3  and 
one  with  variable  x2.  In  general,  die  transformation  rules  must  be  applied  repeatedly,  since  each 
transformation  can  expose  new  possibilities  for  further  ones. 

The  OBDD  representation  of  a  function  is  canonical — for  a  given  ordering,  two  OBDDs  for  a 
function  are  isomorphic.  This  property  has  several  important  consequences.  Functional  equiv¬ 
alence  can  easily  be  tested.  A  function  is  satisfiable  if  and  only  if  its  OBDD  representation 
does  not  correspond  to  die  single  terminal  vertex  labeled  0.  Any  tautological  function  must 
have  the  terminal  vertex  labeled  1  as  its  OBDD  representation.  If  a  function  is  independent  of 
variable  x,  then  its  OBDD  representation  cannot  contain  any  vertices  labeled  by  z.  Thus,  once 
OBDD  representations  of  functions  have  been  generated,  many  functional  properties  become 
easily  testable. 

As  Figures  1  and  2  illustrate,  we  can  construct  die  OBDD  representation  of  a  function  given  its 
truth  able  by  constructing  and  reducing  a  decision  tree.  This  approach  is  practical,  however, 
only  for  functions  of  a  small  number  of  variables,  since  both  the  truth  table  and  the  decision  tree 
have  sue  exponential  in  die  number  of  variables.  Instead,  OBDDs  are  generally  constructed  by 
“symbolically  evaluating”  a  logic  expression  or  logic  gate  network  using  die  apply  operation 
described  in  Section  3. 


13.  Effect  of  Variable  Ordering 

The  form  and  size  of  the  OBDD  representing  a  function  depends  on  the  variable  ordering.  For 
example.  Figure  3  shows  two  OBDD  representations  of  the  function  denoted  by  the  Boolean 
expression  oi-6j  -f  02-62  +  03-63,  where  -  denotes  the  And  operation  and  +  denotes  die  Or 
operation.  For  the  case  on  the  left,  the  variables  are  ordered  ot  <  bx  <  a2  <  62  <  a3  <  63,  while 
for  die  case  on  die  right  they  are  ordered  oi  <  02  <  03  <  6,  <  62  <  63. 

Vfe  can  generalize  this  function  to  one  over  variables  oi,...,a„  and  6|,...,6n  given  by  the 
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Figure  3:  OBDD  Representations  of  a  Singe  Function  for  Two  Different  Variable  Orderings. 


expression: 


a\’bi  +d2,^  +  + 


Generalizing  the  first  variable  ordering  toai<6i<-<an<6„  yields  an  OBDD  with 
2 n  nonterminal  vertices — one  far  each  variable.  Generalizing  the  second  variable  ordering  to 
at  <  •  •  •  <  an  <  &i  <  •  •  •  <  on  the  other  hand,  yields  an  OBDD  with  2(2"  -  1)  nonterminal 
vertices.  For  large  values  of  n,  the  difference  between  the  linear  growth  of  the  first  ordering 
versus  the  exponential  growth  of  the  second  has  a  dramatic  effect  on  die  storage  requirements 
and  die  efficiency  of  the  manipulation  algorithms. 

Fyamining  die  structure  of  die  two  graphs  of  Figure  3,  we  can  see  that  in  the  first  case  the 
variables  are  paired  according  to  their  occurrences  in  the  Boolean  expression  avbi+a2-h+aybi. 
Thus,  from  every  second  level  in  die  graph,  only  two  branch  destinations  are  required:  one  to 
die  terminal  vertex  labeled  1  for  die  case  where  die  corresponding  product  yields  1,  and  one  to 
die  next  level  for  die  case  where  every  product  up  to  this  point  yields  0.  On  die  other  hand,  die 
first  3  levels  in  die  secood  case  form  a  complete  Unary  tree  encoding  all  possible  assignments  to 
the  a  variables.  In  general,  for  each  assignment  to  die  a  variables,  die  function  value  depends  in 
a  unique  way  on  the  assignment  to  the  6  variables.  As  we  generalize  this  function  and  ordering 
to  one  over  2n  variables,  die  first  n  levels  in  die  OBDD  form  a  complete  binary  tree. 

Mori  applications  using  OBDDs  choose  seme  ordering  of  the  variables  at  the  outset  and  construct 
all  graphs  according  to  this  ordering.  This  ordering  is  chosen  either  manually,  or  by  a  heuristic 
analysis  of  the  particular  system  to  be  represented.  For  example,  several  heuristic  methods  have 
been  devised  that,  given  a  logic  gate  network,  generally  derive  a  good  ordering  for  variables 
representing  die  primary  inputs.  [Fujita  et  al  1988;  Malik  et  al  1988].  Others  have  been 
developed  for  sequential  system  analysis  [Jeong  et  al  1991].  Note  that  these  heuristics  do  not 
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Function  Class 

Complexity 

Best  Worst 

Symmetric 

Integer  Addition  (any  bit) 

Integer  Multiplication  (middle  bits) 

linear  quadratic 

linear  exponential 

exponential  exponential 

Table  1:  OBDD  complexity  for  common  function  classes. 

need  to  find  the  best  possible  ordering — die  ordering  chosen  has  no  effect  on  the  correctness  of 
the  results.  As  long  as  an  ordering  can  be  found  that  avoids  exponential  growth,  operations  on 
OBDDs  remain  reasonably  efficient. 


L4.  Complexity  Characteristics 

OBDDs  provide  a  practical  approach  to  symbolic  Boolean  manipulation  only  when  the  graph 
sizes  remain  well  below  the  worst  case  of  being  exponential  in  the  number  of  variables.  As  the 
previous  examples  show,  some  functions  are  sensitive  to  die  variable  ordering  but  remain  quite 
compact  as  long  as  a  good  ordering  is  chosen.  Furthermore,  there  has  been  ample  empirical 
evidence  indicating  that  many  functions  encountered  in  real  applications  can  be  represented 
efficiently  as  OBDDs.  One  way  to  more  folly  understand  the  strengths  and  limitations  of 
OBDDs  is  to  derive  lower  and  upper  bounds  for  important  classes  of  Boolean  functions. 

Ifcble  1  summarizes  the  asymptotic  growth  rate  for  several  classes  of  Boolean  functions,  and 
their  sensitivity  to  the  variable  ordering.  Symmetric  functions,  where  die  function  value  depends 
only  the  number  of  arguments  equal  to  1,  are  insensitive  to  die  variable  ordering.  Except  for 
the  trivial  case  of  constant  functions,  these  functions  have  graphs  ranging  between  linear  (e.g., 
parity)  and  quadratic  (e.g.,  at  least  half  the  inputs  equal  1). 

We  can  consider  each  output  of  an  n-bit  adder  as  a  Boolean  function  over  variables  ao,  aj, . . . ,  i, 
representing  one  operand,  and  io,6i, •••,&»-!>  representing  the  other  operand.  The  function  for 
any  bit  has  OBDD  representations  of  linear  complexity  for  the  ordering  ao  <  bo  <  a}  <  bx  < 

•  •  •  <  a„_i  <  and  exponential  complexity  for  the  ordering  ao  <  •  •  •  <  an_ j  <  6q  <  « •  •  < 
K- 1.  In  foot,  these  functions  have  representations  similar  to  those  for  die  function  shown  in 
Figure  3. 

The  Boolean  functions  representing  integer  multiplication,  cm  the  other  hand,  form  a  particularly 
difficult  case  for  OBDDs.  Regardless  of  the  ordering,  the  Boolean  function  representing  either  of 
the  middle  two  outputs  of  an  n-bit  multiplier  have  exponential  OBDD  representations.  [Bryant 
1991]. 

Upper  bounds  for  othe/  classes  of  Boolean  functions  can  be  derived  based  on  die  structural  prop¬ 
erties  of  their  logic  network  realizations.  Berman  [Berman  1989]  and  more  recently  McMillan 
[McMillan  1992]  have  derived  useful  bounds  for  several  classes  of  “bounded  width”  networks. 
Consider  a  network  with  n  primary  inputs  and  one  primary  output  consisting  of  m  “logic  blocks.” 
Each  block  may  have  multiple  inputs  and  outputs.  Primary  inputs  are  represented  by  “source” 
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Figure  4:  Linear  Arrangement  of  Circuit  Computing  Most  Significant  Bit  of  Integer  Addi¬ 
tion 

blocks  with  no  input  and  one  output  As  an  example.  Figure  4  shows  a  network  having  as 
output  the  most  significant  sum  bit  of  an  n-bit  adder.  This  network  consists  of  a  carry  chain 
computing  the  carry  input  c„_i  into  die  final  stage.  Blocks  labeled  “2/3”  compute  the  Major¬ 
ity  function  having  1  as  output  when  at  least  two  inputs  are  1.  The  output  is  computed  as  the 
Exclusive-Or  of  die  most  significant  bits  of  the  inputs  and  Cn-i. 

Define  a  linear  arrangement  of  the  network  as  a  numbering  of  the  blocks  from  1  to  m  such 
that  the  block  producing  the  primary  output  is  numbered  last  Define  the  forward  cross  section 
at  block  i  as  die  total  number  of  wires  from  an  output  of  a  block  j  such  that  j  <  i  to  an  input 
of  a  block  k  such  that  i  <  k.  Define  die  forward  cross  section  wf  of  the  circuit  (with  respect 
to  an  arrangement)  as  the  maximum  forward  cross  section  for  all  of  the  blocks.  As  the  dashed 
line  in  Figure  4  shows,  our  adder  circuit  has  a  forward  cross  section  of  3.  Similarly,  define  the 
reverse  cross  section  at  block  i  as  the  total  number  of  wires  from  an  output  of  a  block  j  such  that 
j  >  i  to  an  input  of  a  block  k  such  that  i  >  k.  In  arrangements  where  the  blocks  are  ordered 
topologically  (the  only  case  considered  by  Berman),  such  as  the  one  shown  in  Figure  4,  the 
reverse  cross  section  is  0.  Define  the  reverse  cross  section  wT  of  the  circuit  (with  respect  to  an 
arrangement)  as  the  maximum  reverse  cross  section  for  all  of  the  blocks.  Given  these  measures, 
it  can  be  shown  that  there  is  an  OBDD  representing  die  circuit  function  with  at  most  nlwiT"T 
vertices.  Furthermore,  finding  an  arrangement  with  low  cross  section  leads  to  a  good  ordering 
of  the  function  variables — namely  the  reverse  of  the  ordering  of  die  corresponding  source  blocks 
in  the  arrangement 

This  bound  based  on  network  realizations  leads  to  useful  bounds  for  a  variety  of  Boolean  func¬ 
tions.  For  example,  functions  having  realizations  with  constant  forward  cross  section  and  zero 
reverse  cross  section,  such  as  die  adder  circuit  of  Figure  4,  have  linear  OBDD  representations. 
A  symmetric  function  of  n  variables  can  be  realized  by  a  circuit  having  forward  cross  section 
2  +  logn  and  reverse  cross  section  0.  This  circuit  consists  of  a  series  of  stages  to  compute  the 
total  number  of  inputs  having  value  1,  encoding  the  total  as  a  [log2  n]  -bit  binary  number.  This 
realization  implies  die  quadratic  upper  bound  in  OBDD  size  stated  in  Table  1. 

Figure  3  shows  an  application  of  this  result  for  a  circuit  with  non-zero  reverse  cross  section. 
This  circuit  shows  a  general  realization  of  die  Within-K  function,  where  K  is  some  constant 
such  that  0  <  K  <n.  For  inputs  ••  •  this  function  yields  1  if  there  are  two  inputs 
and  Xi>  equal  to  1  such  that  *'  equals  t  +  j  mod  n  for  some  value  j  such  that  0  <  j  <  K.  As 
Figure  5  illustrates,  this  function  can  be  computed  by  a  series  of  blocks  arranged  in  a  ring,  where 
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Figure  5:  Linear  Arrangement  of  Within-A'  Ring  Circuit.  As  shown  by  the  dashed  line,  the 
circuit  has  forward  cross  section  2  +  flog2  K\  and  reverse  cross  section  flog2  K] . 

each  block  £,  has  as  outputs  a  1-bit  value  S{  and  a  ifc-bit  integer  value  Z/„  where  k  =  flog2  K] : 

_  /  1’  x*  =  *  ^  ® 

3'  ~  \  i,  otherwise 

K  -  1,  x,  =  1 

Li  —  <  Li- 1  -  1,  Xi  —  0  and  Li- 1  >  0 
0,  otherwise. 

In  this  realization,  each  A,-  signal  encodes  the  number  of  remaining  positions  with  which  the 
most  recent  input  value  of  1  can  be  paired,  while  each  a,-  signal  indicates  whether  a  pair  of  1 
input  values  within  distance  K  has  occurred  so  far.  To  realize  the  modular  proximity  measure, 
output  Ln- 1  of  the  final  stage  is  routed  back  to  die  initial  stage.  Note  that  although  this  circuit 
has  a  cyclic  structure,  its  output  is  uniquely  defined  by  the  input  values.  As  the  dashed  line 
indicates,  this  ring  structure  can  be  '‘flattened”  into  a  linear  arrangement  having  forward  cross 
section  k  +  2  and  reverse  cross  section  k.  This  construction  yields  an  upper  bound  of  (SK4K)n 
on  the  OBDD  size.  For  constant  values  of  K,  the  OBDD  is  of  linear  size,  although  the  constant 
factor  grows  rapidly  with  K. 

McMillan  has  generalized  this  technique  to  tree  arrangements  in  which  the  network  is  organized 
as  a  tree  of  lope  blocks  with  branching  factor  b  and  with  the  primary  output  produced  by  the 
block  at  the  root  In  such  an  arrangement,  forward  (respectively,  reverse)  cross  section  refers  to 
wires  directed  toward  (respectively,  away  from)  the  root  Such  an  arrangement  yields  an  upper 

bound  on  die  OBDD  size  of  n  |2*n6“sjW/2  .  The  upper  bound  for  the  linear  arrangement  is 
given  by  this  formula  for  b  =  1.  Observe  that  for  constant  values  of  6,  w},  and  wr,  the  OBDD 
size  is  polynomial  in  n. 

These  upper  bound  results  give  some  insight  into  why  many  of  the  functions  encountered  in 
digital  design  applications  have  efficient  OBDD  representations.  They  also  suggest  strategies  for 
finding  good  variable  orderings  by  finding  network  realizations  with  low  cross  section.  Results 
of  this  form  for  other  representations  of  Boolean  functions  could  prove  useful  in  characterizing 
the  potential  of  OBDDs  for  other  application  domains. 


L5.  Refinements  and  Variations 


In  recent  years,  many  refinements  to  the  basic  OBDD  structure  have  been  reported.  These 
include  using  a  single,  multi-rooted  graph  to  represent  all  of  the  functions  required  [Brace  et  al 
1990;  Karplus  1989;  Minato  et  al  1990;  Reeves  and  Irwin  1987],  adding  labels  to  die  arcs 
to  denote  Boolean  negation  [Brace  et  al  1990;  Karplus  1989;  Minato  et  al  1990;  Madre  and 
Billon  1988]  and  generalizing  the  concept  to  other  finite  domains  [Srinivasan  et  al  1990].  These 
refinements  yield  significant  savings  in  the  memory  requirement — generally  the  most  critical 
resource  in  determining  the  complexity  of  the  problems  that  can  be  solved.  Applications  that 
require  generating  over  1  million  OBDD  vertices  are  now  routinely  performed  on  workstation 
computers. 


2.  OPERATIONS 

Let  us  introduce  some  notation  for  describing  operations  on  Boolean  functions.  We  will  use 
the  standard  operations  of  Boolean  algebra:  +  for  Or,  •  for  And,  0  for  Exclusive-Or  and 
an  overline  far  Not.  In  addition,  we  will  use  die  symbol  3)  to  indicate  the  complement  of 
tire  Exclusive-Or  operation  (sometimes  referred  to  as  Exclusive-Nor).  We  will  also  use 
summation  (X))  and  product  Ql)  notation  in  reference  to  Boolean  sums  (Or)  and  products 
(And).  Observe  that  these  operations  are  defined  over  Junctions  as  well  as  over  the  Boolean 
values  0  and  1.  For  example,  if  /  and  g  are  functions  over  some  set  of  variables,  then  /  +  g  is 
itself  a  function  h  over  these  variables.  For  some  assignment  a  of  values  to  the  variables,  h(a) 
yields  1  if  and  only  if  either  f(3)  or  g(a)  yields  1.  The  constant  functions,  yielding  either  1  or 
0  for  all  variable  assignments,  are  denoted  1  and  0,  respectively. 

The  function  resulting  when  some  argument  x  to  a  function  /  is  assigned  a  constant  value  k 
(either  0  or  1)  is  called  a  restriction  Of  /  (other  references  call  this  a  “cofactor”  of  /  [Brayton 
et  al  1984])  denoted  f\x  «_£.  Given  the  two  restrictions  of  a  function  with  respect  to  a  variable, 
the  function  can  be  reconstructed  as 

/  =  xf  |x«_0  +  x’f\x+-0 

This  identity  is  commonly  referred  as  the  Shannon  expansion  of  f  with  respect  to  x,  although 
it  was  originally  recognized  by  Boole  [Brown  1990]. 

A  variety  of  other  useful  operations  can  be  defined  in  terms  of  the  algebraic  operations  plus  the 
restriction  operation.  The  composition  operation,  where  a  function  g  is  substituted  for  variable 
x  of  function  /  is  given  by  the  identity 

f\x*—g  ~  9' f\x  *—0  +  9' f\x  < — 1  • 

The  variable  quantification  operation,  where  some  variable  x  to  function  /  is  existentially  or 
universally  quantified  is  given  by  the  identities 

3®/  =  /lx«—  0  /lx«—  1 

V*/  =  /lz*-0'/lx«-l 

Some  researchers  prefer  to  call  these  operations  smoothing  (existential)  and  consensus  (universal) 
to  emphasize  that  they  are  operations  on  Boolean  functions,  rather  than  on  truth  values  [Lin  et  al 
1990] 
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Figure  6:  F-xampfr  Arguments  to  Apply  operation.  Vertices  are  labeled  for  identification 
during  the  execution  trace. 

3.  CONSTRUCTION  AND  MANIPULATION 

A  number  of  symbolic  operations  on  Boolean  functions  can  be  implemented  as  graph  algorithms 
applied  to  the  OBDDs.  These  algorithms  obey  an  important  closure  property — given  that  the 
arguments  are  OBDDs  obeying  some  ordering,  the  result  will  be  an  OBDD  obeying  the  same 
ordering.  Thus  we  can  implement  a  complex  manipulation  with  a  sequence  of  simpler  ma¬ 
nipulations,  always  operating  on  OBDDs  under  a  common  ordering.  Users  can  view  a  library 
of  BDD  manipulation  routines  as  an  implementation  of  a  Boolean  function  abstract  data  type. 
Except  for  the  selection  of  a  variable  ordering,  all  of  the  operations  are  implemented  in  a  purely 
mechanical  way.  The  user  need  not  be  concerned  with  the  details  of  the  representation  or  the 
implementation. 

3.1.  The  apply  Operation 

The  apply  operation  generates  Boolean  functions  by  applying  algebraic  operations  to  other 
functions.  Given  argument  functions  /  and  g,  plus  binary  Boolean  operator  {op),  (e.g.,  And 
or  OR)  apply  returns  the  function  /  {op)  g.  This  operation  is  central  to  a  symbolic  Boolean 
manipulator.  With  it  we  can  complement  a  function  /  by  computing  /  ©  1.  Given  functions 
/  and  g,  and  “don’t  care”  conditions  expressed  by  the  function  d  (i.e.,  d{x)  yields  1  for  those 
variable  assignments  x  for  which  the  function  values  are  unimportant,)  we  can  test  whether  / 
and  g  are  equivalent  for  all  “care”  conditions  by  computing  (fi§g)  +  d  and  testing  whether  the 
result  is  the  function  1.  We  can  also  construct  the  OBDD  representations  of  the  output  functions 
of  a  combinational  logic  gate  network  by  “symbolically  interpreting”  the  network.  That  is,  we 
start  by  representing  the  function  at  each  primary  input  as  an  OBDD  consisting  of  a  test  of  a 
single  variable.  Then,  proceeding  in  order  through  the  network,  we  use  the  apply  operation  to 
construct  an  OBDD  representation  of  each  gate  output  according  to  the  gate  operation  and  the 
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Ai.Bi 

/ 

A2.B2 
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j  A6.B2  A6.B5 

is  \  /  \ 

A3,B2  A532  A3.B4 

/  \ 

A4,B3  A534 


Figure  7:  Execution  TVace  for  Apply  operation  with  operation  +.  Each  evaluation  step  has 
as  operands  a  vertex  from  each  argument  graph. 

OBDDs  computed  for  its  inputs. 

The  apply  algorithm  operates  by  traversing  the  argument  graphs  depth-first,  while  maintaining 
two  hash  tables:  one  to  improve  die  efficiency  of  the  computation,  and  one  to  assist  in  producing 
a  maximally  reduced  graph.  Note  that  whereas  earlier  presentations  treated  the  reduction  to 
canonical  form  as  a  separate  step  [Bryant  1986],  die  following  algorithm  produces  a  reduced 
form  directly.  To  illustrate  this  operation,  we  will  use  die  example  of  applying  the  +  operation  to 
the  functions  f(a,b,c)  =  (a+ b)-c+ d  taadg(a,b,c)  =  (a«)+d,  having  the  OBDD  representations 
shown  in  Figure  6. 

The  implementation  of  the  apply  operation  relies  on  the  fact  that  algebraic  operations  “com¬ 
mute”  with  the  Shannon  expansion  fra-  any  variable  x : 

f{op)g  =  x-(/|x<_0  (op)  $|x*_o)  +  *’(/ Ix<-1  (°P)  9\x<r-l)  (J) 

Observe  that  for  a  function  /  represented  by  an  OBDD  with  root  vertex  r/,  the  restriction  with 
respect  to  a  variable  x  such  that  x  <  var(rf)  can  be  computed  simply  as: 

'  r/,  x  <  var(r/) 
f\xi-b  te(r/)>  x  ~  var(rj)  and  6  =  0 
hi(rj),  x  —  vnr(r/)  and  6=1 

That  is,  the  restriction  is  represented  by  the  same  graph,  or  one  of  the  two  subgraphs  of  the  root 

Equation  1  forms  the  basis  of  a  recursive  procedure  fra:  computing  the  OBDD  representation  of 
/  (op)  g.  For  our  example,  die  recursive  evaluation  structure  is  illustrated  in  Figure  7.  Note 
dial  each  evaluation  step  is  identified  by  a  vertex  from  each  of  the  argument  graphs.  Suppose 
functions  /  and  g  are  represented  by  OBDDs  with  root  vertices  r5  and  r8,  respectively.  For 
die  case  where  both  17  and  rg  are  terminal  vertices,  the  recursion  terminates  by  returning  an 
appropriately  labeled  terminal  vertex.  In  our  example,  this  occurs  for  the  evaluations  A4,  B3,  and 
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Figure  8:  Result  Generation  lor  Apply  operation.  The  recursive  calling  structure  naturally 
leads  to  an  unreduced  graph  (left).  By  applying  reduction  rules  at  the  end  of  each  recursive  call, 
the  reduced  graph  is  generated  directly  (right). 

As,B4.  Otherwise,  let  variable  x  be  the  splitting  variable,  defined  as  the  minimum  of  variables 
var(rf)  and  var(rt).  OBDDs  for  the  functions  f\x  <_0  (op)  ^|Z4_o  /lx*-l  (°P)  </lx«-l 
are  computed  by  recursively  evaluating  the  restrictions  of  /  and  g  for  value  0  (indicated  in  Figure 
7  by  the  dashed  lines)  and  for  value  1  (indicated  by  solid  lines).  For  our  example,  die  initial 
evaluation  with  vertices  Ai,Bi  causes  recursive  evaluations  with  vertices  A2,B2  and  A*,B5. 

To  implement  die  apply  operation  efficiently,  we  add  two  more  refinements  to  the  procedure 
described  above.  First,  if  we  ever  reach  a  condition  where  one  of  the  arguments  is  a  terminal 
vertex  representing  the  “dominant”  value  for  operation  (op)  (e.g.,  1  for  Or  and  0  for  And), 
then  we  can  stop  the  recursion  and  return  an  appropriately  labeled  terminal  vertex.  This  occurs 
in  our  example  for  the  evaluations  As,  B2  and  A3,  B4.  Second,  we  avoid  ever  making  multiple 
recursive  calls  on  the  same  pair  of  arguments  by  maintaining  a  hash  table  where  each  entry  has 
as  key  a  pair  of  vertices  from  the  two  arguments  and  as  datum  a  vertex  in  the  generated  graph. 
At  the  start  of  an  evaluation  for  arguments  u  and  v,  we  check  for  an  entry  with  key  (u,  v)  in 
this  table.  If  such  an  entry  is  found,  we  return  the  datum  for  this  entry,  thereby  avoiding  any 
further  recursion.  If  no  entry  is  fraud,  then  we  follow  die  steps  described  above,  creating  a  new 
entry  in  the  table  before  returning  the  result  In  our  example,  this  refinement  avoids  multiple 
evaluations  of  the  arguments  A3,  B2  and  As,  B2.  Observe  that  with  this  refinement  the  evaluation 
structure  is  represented  by  a  directed  acyclic  graph,  rather  than  the  more  familiar  tree  structure 
for  recursive  routines. 

Each  evaluation  step  returns  as  result  a  vertex  in  the  generated  graph.  The  recursive  evaluation 
structure  naturally  defines  an  unreduced  graph,  where  each  evaluation  step  yields  a  vertex  labeled 
by  die  splitting  variable  and  having  as  children  the  results  of  the  recursive  rails.  For  our  example, 
this  graph  is  illustrated  on  the  left  hand  side  of  Figure  8.  To  generate  a  reduced  graph  directly, 
each  evaluation  step  attempts  to  avoid  creating  a  new  vertex  by  applying  tests  corresponding 
to  die  transformation  rates  described  in  Section  1.2.  Suppose  an  evaluation  step  has  splitting 
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Figure  9:  Example  of  Restrict  operation.  Restricting  variable  b  of  the  argument  (left)  to 
value  1  involves  bypassing  vertices  labeled  by  b  (center),  and  reducing  the  graph  (right). 

variable  x,  and  the  recursive  evaluations  return  vertices  vo  and  v\.  First  we  test  whether  t>0  =  t>i, 
and  if  so  return  this  vertex  as  the  procedure  result  Second,  we  test  whether  the  generated  graph 
already  contains  some  vertex  v  having  vor(v)  =  x,  lo(v)  =  vq,  and  hi(v)  =  v\.  This  test  is 
assisted  by  maintaining  a  second  hash  table  containing  an  entry  for  each  nonterminal  vertex  v  in 
the  generated  graph  with  key  (vor(v),  hi(v),  lo(v)).  If  the  desired  vertex  is  found,  it  is  returned 
as  the  procedure  result  Otherwise,  a  vertex  is  added  to  the  graph,  its  entry  is  added  to  the  hash 
table,  and  die  vertex  is  returned  as  the  procedure  result  Similarly,  terminal  vertices  are  entered 
in  the  haah  table  having  their  labels  as  keys.  A  new  terminal  vertex  is  generated  only  if  one 
with  the  desired  label  is  not  already  present  For  our  example,  this  process  avoids  creating  the 
ahaA-d  vertices  shown  on  die  left  hand  side  of  Figure  8.  Instead,  the  graph  mi  the  right  hand 
side  is  generated  direcdy.  Observe  that  this  graph  represents  die  function  a  +  b  e  +  d,  which 
is  indeed  the  result  of  applying  the  OR  operation  to  die  two  argument  functions. 

The  use  of  a  table  to  avoid  multiple  evaluations  of  a  given  pair  of  vertices  bounds  the  comp’exity 
of  the  apply  operation  and  also  yields  a  bound  on  the  sire  of  the  result  That  is,  suppose 
functions  /  and  g  are  represented  by  OBDDs  having  m/  and  mg  vertices,  respectively.  Then, 
there  can  be  at  most  mjmg  unique  evaluation  arguments,  and  each  evaluation  adds  at  most  one 
vertex  to  the  generated  result  Given  a  good  implementation  of  die  hash  tables,  each  evaluation 
step  can  be  performed,  on  average,  in  constant  time.  Thus,  both  the  complexity  of  the  algorithm 
and  die  sire  of  the  generated  result  must  be  0(mjmg). 

31  The  restrict  Operation 

Computing  a  restriction  to  a  function  represented  by  any  kind  of  BDD  is  straightforward.  To 
restrict  variable  x  to  value  ib,  we  can  simply  redirect  any  are  into  a  vertex  v  having  var(v)  =  x 
to  point  either  to  b(v)  for  k  =  0,  or  to  hi(v)  for  k  =  1.  Figure  9  illustrates  die  restriction  of 
variable  6  in  die  function  b  e  +  al-c  to  die  value  1.  With  the  original  function  given  by  the 
OBDD  on  the  left,  redirecting  the  arcs  has  the  effect  of  bypassing  any  vertex  labeled  by  6,  as 
illustrated  in  die  centre. 
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As  this  example  shows,  a  direct  implementation  of  tins  technique  may  yield  an  unreduced 
graph.  Instead,  the  operation  is  implemented  by  traversing  the  original  graph  depth-first  Each 
recursive  call  has  as  argument  a  vertex  in  the  original  graph  and  returns  as  result  a  vertex  in  the 
generated  graph.  To  ensure  that  the  generated  graph  is  reduced,  the  procedure  maintains  a  hash 
table  with  an  entry  for  each  vertex  in  the  generated  graph,  applying  the  same  reduction  rules 
as  those  described  for  the  apply  operation.  For  our  example,  the  result  would  be  an  OBDD 
representation  of  the  function  c  as  shown  on  the  right  hand  side  of  the  Figure  9. 

Computing  the  restriction  of  a  function  /  having  an  OBDD  representation  of  m/  vertices  involves 
at  most  mj  recursive  calls,  each  generating  at  most  one  vertex  in  the  result  graph.  Using  a  good 
hash  table  implementation,  each  recursive  step  requires  constant  time  on  average.  Thus,  both 
the  complexity  of  tire  algorithm  and  the  size  of  the  generated  result  must  be  0(m}). 


3.3.  Derived  Operations 

As  was  described  in  Section  2,  a  variety  of  operations  on  Boolean  functions  can  be  expressed  in 
terms  of  algebraic  and  restriction  operations.  The  apply  and  tire  restrict  algorithms  therefore 
provide  a  way  to  implement  these  other  operations.  Furthermore,  for  each  of  these  operations, 
both  tire  complexity  and  tire  size  of  tire  generated  graph  are  bounded  by  some  polynomial  function 
of  the  argument  functions.  Far  function  /,  let  m}  denote  the  size  of  its  OBDD  representation. 
Given  two  functions  /  and  g,  ami  “don’t  care”  conditions  expressed  by  a  function  d,  we  can 
compute  tire  equivalence  of  /  and  g  for  the  “care”  conditions  in  time  0(m/  ma  md).  We  can 
compute  tire  composition  of  functions  /  and  g  with  two  restrictions  and  three  calls  to  apply. 
This  approach  would  have  time  complexity  0(m j  mj).  By  implementing  the  entire  computation 
with  (me  traversal,  this  complexity  can  be  reduced  to  0(m /  mj)  [Bryant  1986].  Finally,  we  can 
compute  the  quantification  of  a  variable  in  a  function  /  in  time  O(mj). 


3.4.  Performance  Characteristics 

A  problem  is  solved  using  OBDDs  by  expressing  the  task  as  a  series  of  operations  on  Boolean 
functions  such  as  those  discussed  above.  As  we  have  seen,  all  of  these  operations  can  be  im¬ 
plemented  by  algorithms  having  complexity  polynomial  in  the  sizes  of  tire  OBDDs  representing 
the  arguments.  As  a  result,  OBDD- based  symbolic  Boolean  manipulation  has  two  advantages 
over  other  common  approaches.  First,  as  long  as  the  graphs  remain  of  reasonable  size,  the  total 
computation  remains  tractable.  Second,  although  the  graph  sizes  can  grow  with  each  successive 
operation,  any  single  operation  has  reasonable  worst  case  performance.  In  contrast,  most  other 
representations  of  Boolean  functions  lack  this  “graceful  degradation”  property.  For  example, 
even  if  a  function  has  a  reasonably  compact  sum  of  products  representation,  its  complement 
may  be  of  exponential  size  [Brayton  et  al  1984]. 

3J.  Implementation  Techniques 

From  the  standpoint  of  implementation,  OBDD-based  symbolic  manipulation  has  very  differ¬ 
ent  characteristics  from  many  other  computational  tasks.  During  the  course  of  a  computation. 
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1  Class 

Typical  Operations 

lypical  Tests 

j  Logic 

Finite  domains 
Functions 
Sets 

Relations 

A,  V,  V,  3 
domain  dependent 
application,  composition 

u,  n,  - 

composition,  closure 

satisfiability,  implication 
equivalence 
equivalence  1 

subset  1 

symmetry,  transitivity  | 

Table  2:  Example  Systems  that  can  be  Represented  with  Boolean  Functions. 

thousands  of  graphs,  each  containing  thousands  of  vertices,  are  constructed  and  discarded.  In¬ 
formation  is  represented  in  an  OBDD  more  by  its  overall  structure  rather  than  in  the  associated 
data  values,  and  hence  very  little  computational  effort  is  expended  on  any  given  vertex.  Thus, 
the  computation  has  a  highly  dynamic  character,  with  no  predictable  patterns  of  memory  ac¬ 
cess.  To  date,  the  most  successful  implementations  have  been  on  workstation  computers  with 
large  physical  memories,  where  careful  attention  has  been  given  to  programming  the  memory 
management  routines  [Brace  et  al  1990]. 

To  extract  maximum  performance,  it  would  be  desirable  to  exploit  die  potential  of  pipelined 
and  parallel  computers.  In  symbolic  analysis  tasks,  parallelism  could  exist  at  the  macro  level 
where  many  operations  are  performed  simultaneously,  and  at  the  micro  level  where  many  vertices 
within  a  given  OBDD  are  operated  on  simultaneously.  Compared  to  other  tasks  that  have  been 
successfully  mapped  onto  vector  and  parallel  computers,  OBDD  manipulation  requires  consider¬ 
ably  mare  communication  and  synchronization  among  the  computing  elements,  and  considerably 
less  local  computation.  Thus,  this  task  provides  a  challenging  problem  for  die  design  of  parallel 
computer  architectures,  programming  models,  and  languages.  Nonetheless,  some  of  the  early  at¬ 
tempts  have  proved  promising.  Researchers  have  successfully  exploited  vector  processing  [Ochi 
et  al  1991]  and  have  shown  good  results  executing  on  shared  memory  multiprocessors  [Kimura 
and  Clarke  1990].  Both  of  these  implementations  exploit  micro  parallelism  by  implementing  the 
apply  operation  by  a  breadth-first  traversal  of  the  argument  graphs,  in  contrast  to  die  depth-first 
traversal  of  conventional  implementations. 


4.  REPRESENTING  MATHEMATICAL  SYSTEMS 

Some  applications,  most  notably  in  digital  logic  design,  call  for  the  direct  representation  and 
manipulation  of  Boolean  functions.  In  general,  however,  the  power  of  symbolic  Boolean  ma¬ 
nipulation  comes  more  from  die  ability  of  binary  values  and  Boolean  operations  to  represent 
and  implement  a  wide  range  of  different  mathematical  domains.  This  basic  principle  is  so  well 
ingrained  that  we  seldom  even  think  about  it  For  example,  few  people  would  define  the  ADD 
operation  of  a  computer  as  a  set  of  32  Boolean  functions  over  a  set  of  64  arguments.  Table  2 
lists  examples  of  several  areas  of  mathematics  where  objects  can  be  represented,  operated  on, 
and  analyzed  using  symbolic  Boolean  manipulation,  as  long  as  the  underlying  domains  are  finite. 

By  providing  a  unified  framework  for  a  number  of  mathematical  systems,  symbolic  Boolean 
manipulation  can  solve  not  just  problems  in  the  individual  areas,  but  also  ones  involving  multiple 
areas  simultaneously.  For  example,  recent  programs  to  analyze  the  sequential  behavior  of  digital 
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Tfcble  3:  Ternary  Extensions  of  And,  Or,  and  Not.  The  third  value  X  indicates  an  unknown 
or  potentially  nondigital  voltage. 

circuits  (see  Section  6),  involve  operating  in  all  of  die  areas  listed  in  Table  2.  The  desired 
properties  of  die  system  are  expressed  as  formulas  in  a  logic.  The  system  behavior  is  given  by 
the  next-state  functions  of  the  circuit  The  analyzer  computes  sets  of  states  having  some  particular 
properties.  The  transition  structure  of  die  finite  state  system  is  represented  as  a  relation.  During 
execution,  die  analyzer  can  readily  shift  between  these  representations,  using  only  OBDDs  as 
the  underlying  data  structures.  Furthermore,  die  canonical  property  of  OBDDs  makes  it  easy  to 
detect  conditions  such  as  convergence,  or  whether  any  solutions  exist  to  a  problem. 

The  key  to  exploiting  die  power  of  symbolic  Boolean  manipulation  is  to  express  a  problem  in 
a  form  where  all  of  die  objects  are  represented  as  Boolean  functions.  In  the  remainder  of  this 
section  we  describe  some  standard  techniques  that  have  been  developed  along  this  line.  With 
experience  and  practice,  a  surprisingly  wide  range  of  problems  can  be  expressed  in  this  manner. 
The  mathematical  concepts  underlying  these  techniques  have  long  been  understood.  None  of 
the  techniques  rely  specifically  on  the  OBDD  representation — they  could  be  implemented  using 
any  of  a  number  of  representations.  OBDDs  have  simply  extended  die  range  of  problems  that 
can  be  solved  practically,  hi  doing  so,  however,  die  motivation  to  express  problems  in  terms  of 
symbolic  Boolean  operations  has  increased. 

4.1.  Encoding  of  Finite  Domains 

Consider  a  finite  set  of  elements  A  where  |A|  =  N.  We  can  encode  an  element  of  A  as  a  vector 
of  n  binary  values,  where  n  =  flog2 N].  This  encoding  is  denoted  by  a  function  <r:  A  -»  (0, 1}” 
mapping  each  element  of  A  to  a  distinct  n-bit  Unary  vector.  Let  <r,(a)  denote  die  ith  element 
in  this  encoding.  A  function  mapping  elements  in  A  to  elements  in  A,  /:  A  -*  A  is  represented 
as  a  vector  of  n  Boolean  functions  /,  where  each  /,:  {0, 1}”  — ♦  {0, 1 }  is  defined  as: 

M<r(a))  =  <r,(/(a)) 

In  many  applications,  the  domains  have  a  “natural”  encoding,  e.g.,  the  binary  encoding  of  finite 
integers,  while  in  others  it  is  constructed  artificially. 

As  an  example,  die  COSMOS  symbolic  simulator  [Cho  and  Bryant  1989]  uses  OBDDs  to 
compute  die  behavior  of  a  transistor  circuit  symbolically.  Such  a  simulator  can  be  used  to 
automatically  generate  tests  for  faults  in  a  circuit  and  to  formally  verify  that  the  circuit  has 
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some  desired  behavior.  The  circuit  model  represents  node  voltages  with  a  three-valued  signal 
set,  where  values  0  and  1  represent  low  and  high  voltages,  and  the  third  value  X  indicates  an 
unknown  or  potentially  nondigital  voltage.  During  symbolic  simulation,  the  node  states  must  be 
computed  as  three-valued  functions  over  a  set  of  Boolean  variables  introduced  by  the  user  to 
represent  values  of  the  primary  inputs  or  initial  state.  COSMOS  represents  the  state  of  a  node  by 
a  pair  of  OBDDs.  That  is,  it  encodes  each  of  the  N  =  3  elements  of  die  signal  set  as  a  vector  of 
n  =  2  binary  values  according  to  the  encoding  <r(  0)  =  [0, 1],  a{  1)  =  [1,0],  and  <t(  X)  =  [1, 1]. 

The  “next-state  functions”  computed  by  the  simulator  are  defined  entirely  according  to  this 
Boolean  encoding,  allowing  Boolean  functions  to  accurately  describe  the  three-valued  circuit 
behavior.  For  example,  Thble  3  shows  die  three-valued  extensions  of  die  logic  operations  And, 
Or,  and  Not.  Observe  that  the  operations  yield  X  in  every  case  where  an  unknown  argument 
would  cause  an  uncertainty  in  die  function  value.  Letting  [at,ao]  denote  the  encoding  of  a 
three-valued  signal  a,  the  three-valued  operation  can  be  expressed  entirely  in  terms  of  Boolean 
operations: 


[ai,oo]  * t  [&i»to] 
[<*i,ao]  +«  [bit bo] 


[aj*6| ,  ao  +  bo] 
[«i  +  b\ ,  ao-6o] 
[«0,<*l] 


During  operation,  the  simulator  operates  much  like  a  conventional  event-driven  logic  simulator. 
It  begins  with  each  internal  node  initialized  to  state  [1, 1]  indicating  die  node  value  is  unknown 
under  all  conditions.  During  simulation,  node  states  are  updated  by  evaluating  the  Boolean 
representation  of  die  next-state  function  with  die  apply  operation.  Each  time  the  state  of  a 
node  is  recomputed,  the  old  state  is  compared  with  die  new  state,  and  if  not  equivalent,  an  event 
is  created  for  each  fanout  of  die  node.  This  process  continues  until  the  event  list  becomes  empty, 
iwriiearing  that  the  network  is  in  a  stable  state.  This  method  of  processing  events  relies  heavily 
on  having  an  efficient  test  for  equivalence. 

4JL  Seta 

Given  an  encoding  of  a  set  A,  we  can  represent  and  manipulate  its  subsets  using  “characteristic 
functions”  [Cemy  and  Marin  1977].  A  set  5  C  A  is  denoted  by  die  Boolean  function  xs  : 
{0, 1}"  {0, 1},  where 

xs(*)  =  s  n  *<$*.(<»)> 

•€S  !<«'<» 

where  $  represents  the  complement  of  die  Exclusive-Or  operation.  Operations  on  sets  can 
then  be  implemented  by  Boolean  operations  on  their  characteristic  functions,  e.g.. 


XI 

XSUT 

Xsnr 


0 

Xs  +  Xr 
Xs'Xt 
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XS-T 


Xs-W 


Set  5  is  a  subset  of  T  if  and  only  if  xs  ■ Yr  =  0.  In  many  applications  of  OBDDs,  sets  are 
constructed  and  in  this  manner  without  ever  explicitly  enumerating  their  elements. 

Alternatively,  a  (nonempty)  set  can  be  represented^  the  set  of  possible  outputs  of  a  function 
vector  [Coudert  et  al  1990].  That  is,  we  consider  /to  denote  the  set 

{a  |  <r(a)  =  f(b),  for  some  b  €  {0, 1}B} 

This  representation  can  be  convenient  in  applications  where  die  system  being  analyzed  is  repre¬ 
sented  as  a  function  vector.  By  modifying  these  functions,  we  can  also  represent  subsets  of  the 
system  states. 


43.  Relations 


A  4-ary  relation  can  be  defined  as  a  set  of  ordered  4-tuples.  Thus,  we  can  also  represent 
and  manipulate  relations  using  characteristic  functions.  For  example,  consider  a  binary  relation 
RCAxA.  This  relation  is  denoted  by  the  Boolean  function  Xr  defined  as: 


Xn(*,v)  =  J2J2 


a£A  KX  [l<i<n 


IJ  *<$*<(«) 


n 

l<i<n 


With  this  representation,  we  can  perform  operations  such  as  intersection,  union,  and  difference 
on  relations  by  applying  Boolean  operations  to  their  characteristic  functions. 

Using  a  combination  of  functional  composition  and  variable  quantification,  we  can  also  compose 
relations.  That  is: 

XJ».s  =  3 z  [x*(x,  z)  • xs(z ,  y)  1 

where  RoS  denotes  the  composition  of  relations  R  and  S.  Quantification  over  a  variable  vector 
involves  quantifying  over  each  of  the  vector  elements  in  any  order. 

Tricing  this  further,  we  can  compute  the  transitive  closure  of  a  relation  using  fixed-point  tech¬ 
niques  [Burch  et  al  1990a].  The  function  x/p  is  computed  as  die  limit  of  a  sequence  of  functions 
XRi,  each  defining  a  relation: 


Ro  =  I 

Ri+i  =  /  U  R  o  R% 

where  I  denotes  the  identity  relation.  The  computation  converges  when  it  reaches  an  iteration 
i  such  that  xr*  =  X*-i>  *8*in  making  use  of  efficient  equivalence  testing.  If  we  think  of  R 
as  representing  a  graph,  with  a  vertex  for  each  element  in  A,  and  an  edge  for  each  element  in 
R,  ten  the  relation  R,  denotes  those  pain  reachable  by  a  path  with  at  most  i  edges.  Thus, 
die  computation  must  converge  in  at  most  N  -  1  iterations,  where  N  =  |A|.  A  technique 
known  as  ‘iterative  squaring”  [Burch  et  al  1990a]  reduces  the  maximum  number  of  iterations  to 
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Figure  10:  Universal  fraction  block.  By  assigning  different  values  to  the  variables  a,  an 
arbitrary  2-input  operation  can  be  realized 

n  m  [logjAH-  Each  iteration  computes  a  relation  jfy.)  denoting  those  pairs  reachable  by  a  path 
with  at  most  2*  edges: 


R( o)  =  lUR 
■R(i+1)  =  %  0  R(i) 

Many  applications  erf  OBDDs  involve  manipulating  relations  over  very  large  sets,  and  hence  the 
reduction  from  N  iterations  (e.g.,  1(f)  down  to  n  (e.g.,  30)  can  be  dramatic. 


5.  DIGITAL  SYSTEM  DESIGN  APPLICATIONS 

The  use  erf  OBDDs  in  digital  system  design,  verification,  and  testing  has  gained  widespread 
acceptance.  In  this  section,  we  describe  a  few  erf  die  areas  and  methods  of  application. 


5.L  Verification 

OBDDs  can  be  applied  directly  to  the  task  erf  testing  the  equivalence  of  two  combinational 
logic  circuits.  This  problem  arises  when  comparing  a  circuit  to  a  network  derived  from  the 
system  specification  [Bryant  1986],  or  when  verifying  that  a  logic  optimizer  has  not  altered  the 
circuit  functionality.  Using  die  apply  operation,  functional  representations  for  both  networks 
are  derived  and  tested  for  equivalence.  By  this  method,  two  sequential  systems  can  also  be 
compared,  as  long  as  they  use  the  same  state  encoding  [Madre  and  Billon  1988].  That  is,  the 
two  systems  must  have  identical  output  and  next-state  functions. 

54.  Design  Error  Correction 

Not  content  to  simply  detect  the  existence  of  errors  in  a  logic  design,  researchers  have  developed 
techniques  to  automatically  correct  a  defective  design.  This  involves  considering  some  relatively 
small  class  of  potential  design  errors,  such  as  a  single  incorrect  logic  gate,  and  determining  if 
any  variant  of  the  given  network  could  meet  the  required  functionality  [Madre  et  al  1989].  This 
analysis  demonstrates  the  power  of  die  quantification  operations  for  computing  projections,  in 
this  case  projecting  out  the  primary  input  values  by  universal  quantification. 


20 


Figure  11:  Signal  line  modifier.  A  nonzero  value  of  P,  alters  the  value  carried  by  the  line. 

Such  an  analysis  can  be  perforated  symbolically  by  encoding  die  possible  gate  functions  with 
Boolean  variables,  as  illustrated  in  Figure  10.  As  this  example  shows,  an  arbitrary  &-input 
gate  can  be  <*nni«twri  by  a  2* -input  multiplexor,  where  die  gate  operation  is  determined  by  the 
multiplexor  data  inputs  3  [Mead  and  Conway  1990].  Consider  a  single  output  circuit  N,  where 
one  of  die  gates  is  replaced  by  such  a  block,  giving  a  resulting  network  functionality  of  N(x,  a), 
where  £  represents  the  set  of  primary  inputs.  Suppose  dtat  the  desired  functionality  is  S(x). 
Our  task  is  to  determine  whether  (and  if  so,  how)  the  two  functions  can  be  made  identical  for 
all  primary  input  values  by  “programming”  die  gate  appropriately.  This  involves  computing  the 
function  C(a),  defined  as 

C(3)  =  V£[tf(£,a?)$S(®)] 

Any  assignment  to  a  for  which  C  yields  1  is  then  a  satisfactory  solution. 

Although  major  design  errors  cannot  be  corrected  in  this  manner,  it  eliminates  the  tedious  task 
of  debugging  circuits  with  common  errors  such  as  misplaced  inverters,  or  the  use  of  an  incorrect 
gate  type.  This  task  is  also  useful  in  logic  synthesis,  where  designers  want  to  alter  a  circuit  to 
meet  a  revised  specification  [Fujita  et  al  1991]. 

53.  Sensitivity  Analysis 

A  second  class  of  applications  involves  characterizing  the  effects  of  altering  the  signal  values 
on  different  lines  within  a  combinational  circuit  That  is,  for  each  signal  line  s,  we  want  to 
compute  the  Boolean  difference  for  every  primary  output  with  respect  to  s  [Sellers  et  al  1968]. 
This  analysis  can  be  performed  symbolically  by  introducing  “signal  line  modifiers”  into  the 
network,  as  illustrated  in  Figure  11.  That  is,  for  each  line  that  would  normally  carry  a  signal 
line  s ,  we  selectively  alter  die  value  to  be  s'  under  the  control  of  a  Boolean  value  P,  by 
computing  s'  =  s®Pt.  We  can  determine  the  conditions  under  which  some  output  of  die  circuit 
is  sensitive  to  the  value  on  a  signal  line  by  comparing  die  outputs  of  the  original  and  altered 
circuits,  as  illustrated  in  Figure  12.  As  this  figure  illustrates,  we  can  even  compute  die  effect  of 
every  single-line  modification  in  a  circuit  in  one  symbolic  evaluation  [Cho  and  Bryant  1989]. 
That  is,  number  every  signal  line  from  0  to  m- 1,  and  introduce  a  set  of  flogm]  “permutation 
variables”  r.  Each  permutation  signal  P,  is  then  defined  to  be  the  function  that  yields  1  when 
die  permutation  variables  are  die  binary  representation  of  the  number  assigned  signal  a.  In  logic 
design  terms,  this  is  equivalent  to  generating  the  permutation  signals  with  a  decoder  having  fas 
input  The  resulting  function  T(f,f)  yields  1  if  the  original  network  and  die  network  permuted 
by  r  produce  die  same  output  values  for  input  £. 

One  application  of  this  sensitivity  analysis  is  to  automatic  test  generation.  The  sensitivity  function 
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Figure  12:  Computing  sensitivities  to  single  line  modifications.  Each  assignment  to  the 
variables  in  f  causes  the  value  on  just  one  line  to  be  modified. 

describes  the  set  of  all  tests  for  each  single  fault  Suppose  a  signal  line  numbered  in  binary  as 
b  has  function  s(x)  in  the  normal  circuit  Then  an  input  pattern  a  will  detect  a  stuck-at- 1  fault 

on  die  line  if  and  only  if  T(a,b)  s(a)  =  1.  Similarly,  a  will  detect  a  stuck-at-0  fault  if  and  only 

if  T(a,  6)  -s(a)  =  1.  This  method  can  also  be  generalized  to  sequential  circuits  and  to  circuits 
represented  at  toe  switch-level  [Cho  and  Bryant  1989]. 

A  second  application  is^  in  toe  area  of  combinational  logic  optimization.  For  a  signal  line 
numbered  in  binary  as  b,  toe  function  T(x,  b)  represents  the  “don't  care  set”  for  each  line  of 
the  circuit,  i.e.,  those  cases  where  toe  circuit  outputs  are  independent  of  the  signal  value  on  this 
line.  Using  this  information  as  guidance,  toe  circuit  optimizer  can  apply  transformations  such 
as  eliminating  a  signal  line,  or  moving  a  line  to  a  different  gale  output  One  drawback  of  this 
approach,  however,  is  that  toe  sensitivity  function  must  be  recomputed  every  time  toe  optimizer 
modifies  toe  circuit  An  alternative  approach  yields  a  mote  restricted,  but  “compatible”  set  of 
don't  care  functions,  where  toe  don’t  care  sets  remain  valid  even  as  the  circuit  structure  is  altered 
[Sato  et  al  1990]. 

5.4.  Probabilistic  Analysis 

Recently,  researchers  have  devised  a  method  for  statistically  analyzing  the  effects  of  varying 
circuit  delays  in  a  digital  circuit  [Deguchi  et  al  1991].  This  application  of  OBDDs  is  particularly 
intriguing,  since  conventional  wisdom  would  hold  that  such  an  analysis  requites  evaluation  of 
real-valued  parametric  variations,  and  hence  could  not  be  encoded  with  Boolean  variables. 

Consider  a  logic  gate  network  in  which  each  gate  has  a  delay  given  by  sane  probability  distribu¬ 
tion.  This  circuit  may  exhibit  a  range  of  behaviors,  some  of  which  are  classified  as  undesirable. 
The  “yield”  is  then  defined  as  toe  probability  that  these  behaviors  do  not  occur.  As  an  example. 
Figure  13  shows  a  simple  circuit  where  two  of  die  logic  gates  have  a  variable  distribution  of 
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Figure  13:  Circuit  with  uncertain  delays.  Gates  labeled  by  min/max  delays.  Inverters  have 
distribution  of  delays. 


|D  |  Out  (Independent) 

|C  |  Out  (Actual) 


Figure  14:  Effect  of  uncertain  delays.  Signal  A  switches  from  0  to  1  at  time  0.  Ignoring  signal 
correlations  causes  overestimate  of  transition  probability. 
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Figure  IS:  Modeling  uncertain  delays.  Boolean  variables  control  delay  selection.  Signals  are 
replicated  according  to  delay  distribution. 

delays,  and  we  wish  to  evaluate  the  probability  of  a  glitch  occurring  on  node  Out  as  the  input 
signal  A  makes  a  transition  for  0  to  1.  Figure  14  shows  an  analysis  when  signal  A  changes  to 
1  at  time  0.  Signals  C  and  D  will  make  transitions,  where  die  transition  times  have  probability 
distributions  shown.  One  simple  analysis  would  be  to  treat  the  waveform  probabilities  for  all 
signals  as  if  they  were  independently  distributed.  Then  we  can  easily  compute  the  behavior  of 
each  gate  output  according  to  the  gate  function  and  input  waveforms.  For  example,  if  we  treat 
signals  C  and  D  as  independent,  then  we  could  compute  the  probability  of  a  rising  transition  on 
node  Out  at  time  t  as  the  product  of  die  probability  that  C  makes  a  transition  at  t  and  the  prob¬ 
ability  that  no  transition  on  D  occurs  at  time  <  t.  This  would  lead  to  the  transition  probability 
distribution  labeled  as  “Out  (Independent).”  The  net  probability  of  a  transition  occurring  (i.e., 
a  glitch)  would  then  be  computed  as  30%.  In  reality,  of  course,  the  transition  times  of  signals 
C  and  D  are  highly  correlated —  both  are  affected  by  the  delay  through  the  initial  buffer  gate. 
Hence,  a  more  careful  analysis  would  yield  the  transition  time  probability  distribution  labeled  as 
“Out  (Actual),”  having  a  net  probability  of  occurrence  of  12.5%.  Thus,  the  simplified  analysis 
underestimates  the  circuit  yield.  In  other  cases,  a  simplified  analysis  will  overestimate  die  yield 
[Deguchi  et  al  1991]. 

To  solve  this  problem  through  symbolic  Boolean  analysis,  we  must  make  two  restrictions.  First, 
all  circuit  delays  must  be  integer-valued  (for  an  appropriately  chosen  time  unit),  and  hence  tran¬ 
sitions  occur  only  at  discrete  time  points.  Second,  the  delay  probabilities  for  a  gate  must  be  mul¬ 
tiples  of  a  value  1/Jfc,  where  k  is  a  power  of  2.  For  example  both  variable  gates  in  Figure  13  have 
delays  ranging  from  1  to  4.  One  has  uniformly  distributed  delays  [1/4,  1/4,  1/4,  1/4],  while 
the  other  has  delays  that  more  nearly  approximate  a  normal  distribution  [1/8,  3/8,  3/8,  1/8]. 
The  delay  value  for  a  gate  can  then  be  encoded  by  a  set  of  log  k  Boolean  variables,  as  shown  in 
Figure  15.  That  is,  we  model  die  circuit  element  with  a  k-input  multiplexor,  where  a  delay  value 
having  probability  c/k  is  fed  to  c  erf  the  inputs.  The  circuit  is  then  evaluated  using  a  symbolic 
extension  of  a  conventional  logic  gate  simulation  algorithm.  The  signal  value  on  a  node  N  at 
each  time  t  is  then  a  Boolean  function  N(t)  of  the  delay  variables. 

For  die  example  of  Figure  15  suppose  that  variables  [«i,  eo]  encode  die  delay  between  A  and  B, 
addle  variables  [<^,d],<2o]  encode  the  delay  between  B  and  C,  as  shown  in  Table  4.  For  times 
t  <  0,  the  node  functions  are  given  as:  A(t)  =  B(t)  =  D(t)  =  Out(t)  =  0  and  C{t)  =  1.  For 
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A  — >  B 


Delay 

Condition 

1 

eT-eo 

2 

eT-eo 

3 

ei-eo 

4 

ereo 

B  — ►  C 


Delay 

Condition 

1 

di'di-do 

2 

cfc-(di  +  do) 

3 

<^•(37 + 3o) 

4 

d2-d\  *do 

Table  4:  Delay  Conditions  for  Example  Circuit 

times  t  >  0,  node  A  has  function  A(t)  =  1,  while  the  others  would  be  computed  as: 

B(t)  —  —  1)  +  ei*eo*A(f — 2)  +  e\ ’eo‘A(t  —  3)  +  t\  •eo’A^t  — 4) 

C(f)  =  37-37  •3o,J9(<  —  1)  +  37-(di  +  do)’B(t—2)  + 
d2  •  (37  +  3o)  *f?(f — 3)  -4-  ^2 -df  ‘do  ’B(t— 4) 

£>(<)  =  £(t-3) 

Out(<)  =  C(<)-D(t) 


From  these  equations,  the  output  signal  would  be  computed  as  Out(t)  =  0  for  t  <3  and  <  >  8, 
and  for  other  times  as: 

Out(  4)  =  di'di-do-ei'Co 
Out{5)  =  di’di-do-ei-eo 
Out(  6)  =  d2'di’do’e\’Co 
Out(7)  =  di’di’do'ei’CQ 


We  can  compute  a  Boolean  function  indicating  the  delay  conditions  under  which  some  undesir¬ 
able  behavior  arises.  For  example,  we  could  compute  the  probability  of  a  glitch  occurring  on 
node  Out  as  G  —  £  Out(t).  In  this  case,  we  would  compute  G  =  d2-d\  -do,  i.e.,  a  glitch  occurs 
if  and  only  if  the  delay  between  B  and  C  equals  4. 

Given  a  Boolean  function  representing  the  conditions  under  which  some  event  occurs,  we  can 
compute  the  event  probability  by  computing  the  density  of  the  function,  i.e.,  the  fraction  of 
variable  assignments  for  which  the  function  yields  1.  With  the  aid  of  the  Shannon  expansion, 
the  density  p(f)  of  a  function  /  can  be  shown  to  satisfy  die  recursive  formulation: 

fW  =  1 

Pi  0)  =  0 

Pif)  =  5  [/K  /I* «-  o)  +  /K  /I* «- 1 )] 

Thus,  given  an  OBDD  representation  of  /,  we  can  compute  die  density  in  linear  time  by 
traversing  the  graph  depth-first,  labeling  each  vertex  by  die  density  of  the  function  denoted  by 
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da)  7/32 


3A 


Figure  16:  Computation  of  Function  Density.  Each  vertex  is  labeled  by  the  fraction  of  variable 
assignments  yielding  1. 

its  subgraph.  This  computation  is  shown  in  Figure  16  for  the  OBDD  representing  the  conditions 
under  which  node  C  in  Figure  15  has  a  rising  transition  at  time  6,  indicating  that  this  event  has 
probability  7/32. 

As  this  application  shows,  OBDD-based  symbolic  analysis  can  be  applied  to  systems  with 
complex  parametric  variations.  Although  this  requires  simplifying  die  problem  to  consider  only 
discrete  variations,  useful  results  can  still  be  obtained.  The  key  advantage  this  approach  has  over 
other  simplified  methods  of  probabilistic  analysis  (e.g.,  controllability/observability  measures 
[Brglez  et  al  1984])  is  that  it  accurately  considers  the  effects  of  correlations  among  stochastic 
values. 


6.  FINITE  STATE  SYSTEM  ANALYSIS 

Many  problems  in  digital  system  verification,  protocol  validation,  and  sequential  system  op¬ 
timization  require  a  detailed  characterization  of  a  finite  state  system  over  a  sequence  of  state 
transitions.  Classic  algorithms  for  this  task  construct  an  explicit  representation  of  the  state  graph 
and  then  analyze  its  path  and  cycle  structure  [Clarice  et  al  1986].  These  techniques  become 
impractical,  however,  as  die  number  of  states  grows  large.  Unfortunately,  even  relatively  small 
digital  systems  can  have  very  large  state  spaces.  For  example,  a  single  32-bit  register  can  have 
over  4  x  109  states. 

Mote  recently,  researchers  have  developed  “symbolic”  state  graph  methods,  in  which  the  state 
transition  structure  is  represented  as  a  Boolean  function  [Burch  et  al  1990a;  Coudert  et  al  1990]. 2 


2 Apparently,  McMillan  [McMillan  1992)  implemented  the  first  symbolic  model  checker  in  1967,  bat  be  did  not 
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Figure  17:  Explicit  representation  of  non -deterministic  finite  state  machine.  The  size  of  the 
representation  grows  linearly  with  the  number  of  states. 


Figure  18:  Symbolic  representation  of  Don-deterministic  finite  state  machine.  The  number 
of  variables  grows  logarithmically  with  the  number  of  states. 
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This  involves  first  selecting  binary  encodings  of  the  system  states  and  input  alphabet  The  next- 
state  behavior  is  described  as  a  relation  given  by  a  characteristic  function  S(x,  o,n)  yielding  1 
when  input  x  can  cause  a  transition  from  state  o  to  state  n.  As  an  example,  Figure  18  illustrates 
an  OBDD  representation  of  the  nondeterministic  automaton  having  the  state  graph  illustrated 
in  Figure  17.  This  example  represents  the  three  possible  states  using  two  binary  values  by  the 
encoding  <x( A)  =  [0,0],  <r(B)  =  [1,0],  and  <7(C)  =  [0, 1].  Observe  that  the  unused  code  value 
[1, 1]  can  be  treated  as  a  “don’t  care”  value  for  the  arguments  o  and  n  in  the  function  S.  In  the 
OBDD  of  Figure  18,  this  combination  is  treated  as  an  alternate  code  for  state  C  to  simplify  the 
OBDD  representation. 

For  such  a  small  automaton,  the  OBDD  representation  does  not  improve  on  the  explicit  rep¬ 
resentation.  For  more  complex  systems,  on  the  other  hand,  the  OBDD  representation  can  be 
considerably  smaller.  Based  cm  the  upper  bounds  derived  for  bounded  width  networks  discussed 
in  Subsection  1.4,  McMillan  [McMillan  1992]  has  characterized  some  conditions  under  which 
the  OBDD  representing  the  transition  relation  for  a  system  grows  only  linearly  with  the  number 
of  system  components,  whereas  the  number  of  states  grows  exponentially.  In  particular,  this 
property  holds  when  both  (1)  the  system  components  are  connected  in  a  linear  or  tree  struc¬ 
ture,  and  (2)  each  component  maintains  only  a  bounded  amount  of  information  about  the  state 
of  die  other  components.  As  the  example  of  Figure  5  illustrated,  this  bound  holds  for  ring- 
connected  systems,  as  well,  since  a  ring  can  be  “flattened”  into  a  linear  chain  of  bidirectional 
links.  McMillan  has  identified  a  variety  of  systems  satisfying  these  conditions,  including  a 
hierarchical  distributed  cache  in  a  shared  memory  multiprocessor,  and  a  ring-based  distributed 
mutual  exclusion  circuit 

Given  the  OBDD  representation,  properties  of  a  finite  state  system  can  then  be  expressed  by  fixed 
point  equations  over  the  transition  function,  and  these  equations  can  be  solved  using  iterative 
methods,  similar  to  those  described  to  compute  the  transitive  closure  of  a  relation.  For  example, 
consider  the  task  of  determining  the  set  of  states  reachable  from  an  initial  state  having  binary 
coding  q  by  some  sequence  of  transitions.  Define  the  relation  S  to  indicate  the  conditions  under 
which  for  some  input  x,  there  can  be  a  transition  from  state  o  to  state  n.  This  relation  has  a 
characteristic  function 

Xs(o,  n)  =  3x  [6(x,o,n)] 

Then  set  of  states  reachable  from  state  q  has  characteristic  function: 

x*(«)  =  xs*(q,s) 

Systems  with  over  1020  states  have  been  analyzed  by  this  method  [Burch  et  al  1990b],  far  larger 
than  could  ever  be  analyzed  using  explicit  state  graph  methods.  A  number  of  refinements  have 
been  proposed  to  speed  convergence  [Burch  et  al  1990a;  Filkom  1991]  and  to  reduce  the  size 
of  the  intermediate  OBDDs  [Coudert  et  al  1990], 

Unfortunately,  the  system  characteristics  that  guarantee  an  efficient  OBDD  representation  of  the 
transition  relation  do  not  provide  useful  upper  bounds  on  the  results  generated  by  symbolic  state 
machine  analysis.  For  example,  one  can  devise  a  system  having  a  linear  interconnection  structure 
for  which  foe  characteristic  function  of  the  set  of  reachable  states  requires  an  exponentially-sized 


pgtBst  this  wok. 
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OBDD  [McMillan  1992].  On  the  other  hand,  researchers  have  shown  that  a  number  of  real-life 
systems  can  be  analyzed  by  these  methods. 

One  application  of  finite  state  system  analysis  is  in  verifying  the  correctness  of  a  sequential  digital 
circuit  For  example,  one  can  prove  that  a  state  machine  derived  from  the  system  specification  is 
equivalent  to  one  derived  from  die  circuit  even  though  drey  use  different  state  encodings.  For  this 
application,  more  specialized  techniques  have  also  been  developed  that  exploit  characteristics 
of  the  system  to  be  verified,  e.g.,  that  the  circuit  is  synchronous  and  deterministic,  and  that 
the  specification  requires  analyzing  only  a  bounded  number  of  clock  cycles  [Bose  and  Fisher 
1989;  Beatty  et  al  1991].  For  example,  we  have  verified  pipelined  data  paths  containing  over 
1000  bits  of  register  state.  Such  a  system,  having  over  lO300  states,  exceeds  the  capacity  of 
current  symbolic  state  graph  methods. 


7.  OTHER  APPLICATION  AREAS 

Historically,  OBDDs  have  been  applied  mostly  to  tasks  in  digital  system  design,  verification, 
and  testing.  More  recently,  however,  their  use  has  spread  into  other  application  domains.  For 
example,  the  fixed  point  techniques  used  in  symbolic  state  machine  analysis  can  be  used  to  solve 
a  number  of  problems  in  mathematical  logic  and  formal  languages,  as  long  as  the  domains  are 
finite  [Burch  et  al  1990a;  Touati  et  al  1991].  Researchers  have  also  shown  that  problems  from 
many  application  areas  can  be  formulated  as  a  sets  of  equations  over  Boolean  algebras  which 
are  then  solved  by  a  form  of  unification  [Bflttner  and  Simonis  1987]. 

In  the  area  of  artificial  intelligence,  researchers  have  developed  a  truth  maintenance  system  based 
on  OBDDs  [Madre  and  Coudert  1991].  They  use  an  OBDD  to  represent  the  “database,”  i.e., 
the  known  relations  among  the  elements.  They  have  found  that  by  encoding  the  database  in  this 
form,  the  system  can  make  inferences  more  readily  than  with  the  traditional  approach  of  simply 
maintaining  an  unorganized  list  of  “known  facts.”  For  example,  determining  whether  a  new  fact 
is  consistent  with  or  follows  from  the  set  of  existing  facts  involves  a  simple  test  for  implication. 

8.  AREAS  FOR  IMPROVEMENT 

Although  a  variety  of  problems  have  been  solved  successfully  using  OBDD-based  symbolic 
manipulation,  there  are  still  many  cases  where  improved  methods  are  required.  Of  course,  most 
of  the  problems  to  be  solved  are  NP-hard,  ami  in  some  cases  even  PSPACE-hard  [Garey  and 
Johnson  1979].  Hence,  it  is  unlikely  that  any  method  with  polynomial  worst  case  behavior  can 
be  found.  At  best,  we  can  develop  methods  that  yield  acceptable  performance  for  most  tasks  of 
interest 

One  possibility  is  to  improve  cm  the  representation  itself.  For  working  with  digital  systems 
containing  multipliers  and  other  functions  involving  a  complex  relation  between  the  control 
and  dam  signals,  OBDDs  quickly  become  unpractically  large.  Several  methods  have  been 
proposed  that  follow  the  same  general  principles  of  OBDD-based  symbolic  manipulation,  but 
with  fewer  restrictions  on  the  data  structure.  For  example,  Karplus  has  proposed  a  variant 
termed  “If-Tben-Else  DAGs,”  where  the  test  condition  for  each  vertex  can  be  a  more  complex 
fraction  than  a  simple  variable  test  [Karplus  1989].  Researchers  at  CMU  have  experimented 


Discovering  new  application  areas,  and  improving  die  performance  of  symbolic  methods  (OBDD 
or  otherwise)  for  existing  areas  will  provide  a  fruitful  area  of  research  for  many  years  to  come. 
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with  “Free  BDDs,”  in  which  the  variable  ordering  restriction  of  OBDDs  is  relaxed  to  the  extent 
that  die  variables  can  appear  in  any  order,  but  no  path  from  the  root  to  a  terminal  vertex 
can  test  a  variable  more  than  once  [Brace  1988].  Such  graphs,  known  as  “1-time  branching 
programs”  in  the  theoretical  community  [Wegener  1988],  have  many  of  the  desirable  properties 
of  OBDDs,  inrliMting  an  efficient  (although  probabilistic)  method  for  testing  equivalence  [Blum 
and  Chandra  1980].  Recently,  techniques  based  on  this  representation  have  been  developed 
that  maintain  several  of  the  desirable  characteristics  of  OBDDs,  including  a  canonical  form 
and  a  polynomial  time  apply  operation  [Geigov  and  Meinel  1992].  Other  researchers  have 
removed  all  restrictions  on  variable  occurrence,  allowing  paths  with  multiple  tests  of  a  single 
variable  [Ashar  et  al  1991;  Burch  1991].  In  each  of  these  extensions,  we  see  a  trade-off  between 
the  compactness  of  the  representation  and  the  difficulty  of  constructing  them  or  testing  their 
properties. 

In  many  combinatorial  optimization  problems,  symbolic  methods  using  OBDDs  have  not  per¬ 
formed  as  well  as  more  traditional  methods.  In  these  problems,  we  are  typically  interested  in 
finding  only  one  solution  that  satisfies  some  optimality  criterion.  Most  approaches  using  OB¬ 
DDs  on  the  other  hand,  derive  all  possible  solutions  and  then  select  the  best  from  among  these. 
Unfortunately,  many  problems  have  too  many  solutions  to  encode  symbolically.  More  traditional 
search  methods  such  as  branch-and-bound  techniques  often  prove  more  efficient  and  able  to  solve 
larger  problems.  For  example,  our  test  generation  program  determines  all  possible  tests  for  each 
fault  [Cho  and  Bryant  1989],  whereas  more  traditional  methods  stop  their  search  as  soon  as  a 
single  test  is  found.  One  possibility  would  be  apply  the  idea  of  “lazy”  or  “delayed”  evaluation 
[Abelson  et  al  1985]  to  OBDD-based  manipulation.  That  is,  rather  than  eagerly  creating  a  full 
representation  of  every  function  during  a  sequence  of  operations,  the  program  would  attempt 
to  construct  only  as  much  of  the  OBDDs  as  is  required  to  derive  die  final  information  desired. 
Recent  test  generation  programs  have  some  of  this  character,  using  a  hybrid  of  combinatorial 
search  and  functional  evaluation  [Giraldi  and  Bushnell  1990]. 

9.  SUMMARY 

As  researchers  explore  new  application  areas  and  formulate  problems  symbolically,  they  find 
they  can  exploit  several  key  features  of  Boolean  functions  and  OBDDs: 

•  By  encoding  die  elements  of  a  finite  domain  in  binary,  operations  over  these  domains  can 
be  represented  by  vectors  of  Boolean  functions. 

•  Symbolic  Boolean  manipulation  provides  a  unified  framework  for  representing  a  number 
of  different  mathematical  systems. 

•  For  many  problems,  a  variable  ordering  can  be  found  such  that  the  OBDD  sizes  remain 
reasonable. 

•  Hie  ability  to  quickly  test  equivalence  and  satisfiability  makes  techniques  such  as  iterative 
methods  and  sensitivity  analysis  feasible. 

•  The  apply  and  restrict  operations  provide  a  powerful  basis  for  many  more  complex 
operations. 


30 


[Bryant  1986]  Bryant*  R.  E.  1986.  Graph-based  algorithms  for  Boolean  function  manipulation. 
IEEE  Transactions  on  Computers  C-35,  6  (Aug.),  pp.  677-691. 

(Bryant  1991]  Bryant,  R.  E.  1991.  On  the  complexity  of  VLSI  implementations  and  graph  rep¬ 
resentations  of  Boolean  functions  with  application  to  integer  multiplication.  IEEE  Trans¬ 
actions  on  Computers  40  2  (Feb.),  pp.  205-213. 

[Burch  et  al  1990a]  Burch,  J.  R.,  Clarke,  E.  M.,  and  McMillan,  K.  1990.  Symbolic  model 
checking:  10®  states  and  beyond.  Fifth  Annual  IEEE  Symposium  on  Logic  in  Computer 
Science  (Philadelphia,  June),  IEEE,  New  York,  pp.  428-439. 

[Burch  et  al  1990b]  Burch,  J.  R.,  Clarke  E.  M.,  Dill,  D.  L.,  and  McMillan,  K.  1990.  Sequential 
circuit  verification  using  symbolic  model  checking.  Proceedings  of  the  27th  ACMIIEEE 
Design  Automation  Conference  (Orlando,  June)  ACM,  New  York,  pp.  46-51. 

[Burch  1991]  Burch,  J.  R.  1991.  Using  BDDs  to  verify  multipliers.  Proceedings  of  the  28th 
ACMIIEEE  Design  Automation  Conference ,  (San  Francisco,  June)  ACM,  New  York, 
pp.  408-412. 

[Bilttner  and  Simonis  1987]  Biittner,  W.  and  Simonis,  H.  1987.  “Embedding  Boolean  expres¬ 
sions  into  logic  programming.  Journal  of  Symbolic  Computation  4  pp.  191-205. 

[Ceray  and  Marin  1977]  Cemy,  E.  and  Marin,  M.  A.  1977.  An  approach  to  unified  methodology 
of  combinational  switching  circuits.  IEEE  Transactions  on  Computers  C-26,  8  (Aug.), 
pp.  745-756. 

[Cho  and  Bryant  1989]  Cho,  K.,  and  Bryant,  R.  E.,  1989.  Test  pattern  generation  for  sequential 
MOS  circuits  by  symbolic  fault  simulation.  Proceedings  of  the  26th  ACMIIEEE  Design 
Automation  Conference  (Las  Vegas,  June),  ACM,  New  York,  pp.  418-423. 

[Clarke  et  al  1986]  Clarke,  E.  M. ,  Emerson,  E.  A.,  and  Sistla,  A.  P.  1986.  Automatic  verification 
of  finite-state  concurrent  systems  using  temporal  logic  specifications.  ACM  Transactions 
on  Programming  Languages  8  2  (April),  pp.  244-263. 

[Coudert  et  al  1990)  Coudert,  O.  Madre,  J.-C,  and  Berthet,  G  1990.  Verifying  temporal  prop¬ 
erties  of  sequential  machines  without  building  their  state  diagrams.  Computer-Aided  Verifi¬ 
cation  *90,  E.  M.  Clarke,  and  R.  P  Kurshan,  eds.  (Rutgers,  June),  American  Mathematical 
Society,  pp.  75-84. 

[Deguchi  et  al  1991]  Deguchi,  Y.,  Ishiura,  N.,  and  Yajima,  S.  1991.  Probabilistic  CTSS:  Anal¬ 
ysis  of  tinting  error  probability  in  asynchronous  logic  circuits.  Proceedings  of  the  28th 
ACMIIEEE  Design  Automation  Conference,  (San  Francisco,  June)  ACM,  New  York, 
pp.  650-655. 

[Ftlkorn  1991]  Filkorn,  T.  1991.  A  method  for  symbolic  verification  of  synchronous  circuits. 
Computer  Hardware  Description  Languages  (Marseilles,  April),  IFIP,  pp.  229-239. 


32 


[Fortune  et  al  1978]  Fortune,  S.,  Hopcroft,  J.,  and  Schmidt,  E.  M.  1978.  The  complexity  of 
equivalence  and  containment  for  free  single  variable  program  schemes.  Automata,  Lan¬ 
guages  and  Programming,  Lecture  Notes  in  Computer  Science,  Vol.  62,  G.  Goos,  J.  Hart- 
manis,  Ausiello,  and  Boehm,  eds.  Springer- Verlag,  Berlin,  pp.  227-240. 

[Fujita  et  al  1988]  Fujita,  M.,  Fujisawa,  H.  and  Kawato,  N.  1988.  Evaluations  and  improve¬ 
ments  of  a  Boolean  comparison  program  based  cm  binary  decision  diagrams.  International 
Conference  on  Computer-Aided  Design  (Santa  Clara,  Nov.),  IEEE,  New  York,  pp.  2-5. 

[Fujita  et  al  1991]  Fujita,  M,  Kakuda,  T.,  and  Matsunaga,  Y.  1991.  Redesign  and  automatic 
error  correction  of  combinational  circuits.  Logic  and  Architecture  Synthesis:  Proceedings 
of  the  IFIP  TC10IWG105  Workshop  on  Logic  and  Architecture  Synthesis,  R  Michel,  and 
G.  Saucier,  eds.  Elsevier,  Amsterdam,  pp.  253-262. 

[Garey  and  Johnson  1979]  Garey,  M.  R.,  and  Johnson,  D.  S.  1979.  Computers  and  Intractability, 
W.  H.  Freeman  and  Company,  New  York. 

[Gergov  and  Meinel  1992]  Gergov,  J.,  and  Meinel,  C.  1992.  Efficient  analysis  and  manipulation 
of  OBDDs  can  be  extended  to  read-once-only  branching  programs.  Technical  Report  92-10, 
UniversitSt  Drier,  Fachbereich  IV — Mathematik/Informatik,  Drier,  Germany. 

[Giraldi  and  Bushnell  1990]  Giraldi,  J.,  and  Bushnell,  M.  L.  1990.  EST:  The  new  frontier  in 
automatic  test-pattern  generation.  Proceedings  of  the  27th  ACMIIEEE  Design  Automation 
Corference  (Orlando,  June),  ACM,  New  York,  pp.  667-672. 

[Jeong  et  al  1991]  Jeong,  S.-W.,  Plessier,  B.,  Hachtel,  G.  D.,  and  Somenzi,  F.  1991.  triable 
ordering  and  Selection  for  FSM  traversal.  International  Conference  on  Computer-Aided 
Design  (Santa  Clara,  Nov.),  IEEE,  New  York,  pp.  476-479. 

[Karplus  1989]  Karplus,  K.  1989.  Using  if-then-clse  DAGs  for  multi-level  logic  minimization. 
In  Advanced  Research  in  VLSI,  C.  Seitz,  ed.,  MIT  Press,  Cambridge,  pp.  101-118. 

[Kimura  and  Clarke  1990]  Kimura,  S.,  and  Clarke,  E.  M.  1990.  A  parallel  algorithm  for  con¬ 
structing  binary  decision  diagrams.  International  Conference  on  Computer  Design  (Boston, 
Oct),  IEEE,  New  York,  pp.  220-223. 

[Lee  1959]  Lee,  C  Y.  1959.  Representation  of  switching  circuits  by  binary-decision  programs. 
Bell  System  Technical  Journal  38,  pp.  985-999. 

[Lin  et  al  1990]  Lin,  B.,  Touati,  H.  J.,  and  Newton,  A.  R.  1990.  Don’t  care  minimization  of 
multi-level  sequential  logic  networks.  International  Corference  on  Computer-Aided  Design 
(Santa  Clara,  Nov.),  IEEE,  New  York,  pp.  414-417. 

[Madre  and  Billon  1988]  Madre,  J.  C,  and  Billon,  J.  P.  1988.  Proving  circuit  correctness  using 
formal  comparison  between  expected  and  extracted  behaviour.  Proceedings  of  the  25th 
ACMIIEEE  Design  Automation  Corference,  (Anaheim,  June),  ACM,  New  York,  pp.  205- 
210. 


33 


[Madre  et  al  1989]  Madre,  J.-C,  Coudert,  O.,  and  Billon,  J.  P.  1989.  Automating  the  diagnosis 
and  rectification  of  design  errors  with  PRIAM.  International  Conference  on  Computer- 
Aided  Design  (Santa  Clara,  Nov.),  IEEE,  New  York,  pp.  30-33. 

[Madre  and  Coudert  1991]  Madre,  J.-C,  and  Coudcrt,  O.  1991.  A  logically  complete  reasoning 
maintenance  system  based  on  a  logical  constraint  solver.  12th  International  Joint  Confer¬ 
ence  on  Artificial  Intelligence  (Sydney,  Aug.),  pp.  294-299. 

[Malik  et  al  1988]  Malik,  S.,  Wang,  A.,  Brayton,  R.  K.,  and  Sangiovanni-Vincentelli,  A.  1988. 
Logic  verification  using  binary  decision  diagrams  in  a  logic  synthesis  environment  In¬ 
ternational  Conference  on  Computer-Aided  Design  (Santa  Clara,  Nov.),  IEEE,  New  York, 
pp.  6-9. 

[McMillan  1992]  McMillan,  K.  L.  1992.  Symbolic  model  checking:  an  approach  to  the  state 
explosion  problem.  PhD  thesis.  School  of  Computer  Science,  Carnegie  Mellon  University. 

[Mead  and  Conway  1990]  Mead,  C.  A.,  and  Conway,  L.  1980.  Introduction  to  VLSI  Systems, 
Addison- Wesley,  Reading,  MA. 

[Meinel  1990]  Meinel,  C  1990  Modified  branching  programs  and  their  computational  power. 
Lecture  Notes  in  Computer  Science  Vol.  370 ,  G.  Goos,  and  J.  Hartmanis,  eds.  Springer- 
Verlag,  Berlin. 

[Minato  et  al  1990]  Minato,  S.,  Ishiura,  N.,  and  Yajima,  S.  1990.  Shared  binary  decision  diagram 
with  attributed  edges  for  efficient  Boolean  function  manipulation.  Proceedings  of  the  27th 
ACMIIEEE  Design  Automation  Conference  (Orlando,  June),  ACM,  New  York,  pp.  52-57. 

[Ochi  et  al  1991]  Ochi,  R,  Ishiura,  N.,  and  Yajima,  S.  1991.  Breadth-first  manipulation  of 
SBDD  of  function  for  vector  processing.  Proceedings  of  die  28th  ACMIIEEE  Design  Au¬ 
tomation  Conference ,  (San  Francisco,  June)  ACM,  New  York,  pp.  413-416. 

[Reeves  and  Irwin  1987]  Reeves,  D.  S.,  and  Irwin,  M.  J.  1987.  Fast  methods  for  switch-level 
verification  of  MOS  circuits.  IEEE  Transactions  on  CADIIC  CAD-6  5  (Sept),  pp.  766-779. 

[Sato  et  al  1990]  Sato,  R,  Yasue,  Y.,  Matsunaga,  Y.,  and  Fujita,  M.  1990.  Boolean  resubsti¬ 
tution  with  permissible  functions  and  binary  decision  diagrams.  Proceedings  of  the  27th 
ACMIIEEE  Design  Automation  Conference  (Orlando,  June),  ACM,  New  York,  pp.  284-289. 

[Sellers  et  al  1968]  Sellers,  F.  F.,  Hsiao,  M.  Y.,  and  Beam  son,  C.  L.  1968.  Analyzing  errors 
with  the  Boolean  difference.  IEEE  Transactions  on  Computers  C-17,  pp.  676-683. 

[Srinivasan  et  al  1990]  Srinivasan,  A.,  Kam,  T.,  Malik,  S.,  and  Brayton,  R.  K.  1990.  Algorithms 
for  discrete  function  manipulation.  International  Conference  on  Computer-Aided  Design 
(Santa  Clara,  Nov.),  IEEE,  New  York,  pp.  92-95. 

flbuati  et  al  1991]  Tbuati,  H.  J.,  Brayton,  R.  K.,  and  Kurshan,  R.  P.  1991.  Testing  language 
containment  for  (^-automata  using  BDD’s.  Formal  Methods  in  VLSI  Design  (Miami,  Jan.), 
ACM,  New  York. 


34 


[Watanabe  and  Brayton  1991]  Watanabc,  Y.,  and  Brayton,  It  K.  1991.  Heuristic  minimization 
of  multiple-valued  relations.  International  Conference  on  Computer-Aided  Design  (Santa 
Clara,  Nov.),  IEEE,  New  York,  pp.  126-129. 

[Wegener  1988]  Wegener,  1. 1988.  On  the  complexity  of  branching  programs  and  decision  trees 
for  clique  functions.  /.  ACM  35  2  (April),  pp.  461-471. 


35 


